Previous versions of the evolution package were vulnerable to a format
string vulnerability which could allow arbitrary code execution at the
permission level of the user running evolution (usually non-root) via a
specially crafted shared memo.

Previous versions of the ImageMagick package were vulnerable to
buffer overflows in the code which parses DCM and XWD files, which could
allow an attacker to execute arbitrary code at the permission level of
the user running ImageMagick (usually non-root). The attacker would have
to convince a user to open the file in ImageMagick. While these file
formats are not common, it is possible to disguise the file such that it
appears to be a file of another, more common, type.

Previous versions of the ImageMagick package were vulnerable to
buffer overflows in the code which parses DCM and XWD files, which could
allow an attacker to execute arbitrary code at the permission level of
the user running ImageMagick (usually non-root). The attacker would have
to convince a user to open the file in ImageMagick. While these file
formats are not common, it is possible to disguise the file such that it
appears to be a file of another, more common, type.

Previous versions of the nas package were vulnerable to a number of buffer
overflows, NULL and invalid pointers, and an int overflow. Foresight Linux is
not vulnerable to any of these by default, as Foresight does not ship the
initscript which starts the nas daemon.

Previous versions of the slocate package were vulnerable to an
information-disclosure vulnerability. Slocate did not properly manage
database entries that specify names of files in protected directories.
Thus, for example, a user could see via slocate the names of files in a
directory chmodded 711.

Previous versions of openoffice.org were vulnerable to multiple
issues which could be exploited to execute arbitrary code at the
permission level of the user running openoffice (usually non-root).
Attack vectors include coercing a user into opening a URL which contains
an exploit, coercing the user into opening a vulnerable WordPerfect file
(via bundled libwpd), and coercing a user into opening a vulnerable
StarCalc document.

Previous versions of the cups package could be forced to hang via a
client "partially negotiating" an ssl connection. In this state, cups
would not allow other connections to be made, a denial of service.